XSS in Kovah Linkace
CVE-2025-62722
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrar…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (8.5th percentile) — read the EPSS interpretation.
Affected products
- Kovah Linkace — versions < 2.4.0
Weakness classification (CWE)
References
- https://github.com/Kovah/LinkAce/security/advisories/GHSA-4mxh-7c7f-q79j (x_refsource_CONFIRM)
- https://github.com/Kovah/LinkAce/commit/95d29b71ad9d4750cff8bbe7488802f6a4afa6aa (x_refsource_MISC)
- https://github.com/Kovah/LinkAce/releases/tag/v2.4.0 (x_refsource_MISC)